GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
1,009 advisories

Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading...
High | Unreviewed | CVE-2019-7300 was published May 13, 2022

Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in...
Critical | Unreviewed | CVE-2019-6609 was published May 13, 2022

** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password...
High | Unreviewed | CVE-2019-6242 was published May 13, 2022

IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database...
Critical | Unreviewed | CVE-2019-4059 was published May 13, 2022

A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated...
High | Unreviewed | CVE-2019-10630 was published May 13, 2022

TeamPass Storing Passwords in a Recoverable Format vulnerability
Critical | CVE-2019-1000001 was published for nilsteampassnet/teampass (Composer) May 13, 2022

A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials,...
Critical | Unreviewed | CVE-2018-19466 was published May 13, 2022

An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE...
Critical | Unreviewed | CVE-2018-18698 was published May 13, 2022

The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in...
High | Unreviewed | CVE-2018-18656 was published May 13, 2022

Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain...
High | Unreviewed | CVE-2018-17500 was published May 13, 2022

An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to...
Moderate | Unreviewed | CVE-2018-12038 was published May 13, 2022

Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in...
Critical | Unreviewed | CVE-2018-1000851 was published May 13, 2022

Jenkins SonarQube Scanner Plugin stored server authentication token in plain text
High | CVE-2018-1000425 was published for org.jenkins-ci.plugins:sonar (Maven) May 13, 2022

Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk
High | CVE-2018-1000424 was published for org.jenkins-ci.plugins:artifactory (Maven) May 13, 2022

Jenkins Crowd 2 Integration Plugin stored credentials in plain text
High | CVE-2018-1000423 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 13, 2022

A vulnerability in the web-based management interface of Cisco Unified Communications Manager...
High | Unreviewed | CVE-2018-0474 was published May 13, 2022

Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect...
Moderate | Unreviewed | CVE-2018-17871 was published May 13, 2022

Jenkins AppDynamics Dashboard Plugin has insufficiently protected credentials
Moderate | CVE-2019-1003039 was published for org.jenkins-ci.plugins:appdynamics-dashboard (Maven) May 13, 2022

ECS Publisher Plugin stored and displayed API token in plain text
Moderate | CVE-2019-1003045 was published for de.eacg:ecs-publisher (Maven) May 13, 2022

Jenkins Repository Connector Plugin has insufficiently protected credentials
Low | CVE-2019-1003038 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 13, 2022

Jenkins youtrack-plugin Plugin stored credentials in plain text
Low | CVE-2019-10287 was published for org.jenkins-ci.plugins:youtrack-plugin (Maven) May 13, 2022

Jenkins Jabber Server Plugin stores credentials in plain text
Low | CVE-2019-10288 was published for de.e-nexus:jabber-server-plugin (Maven) May 13, 2022

Jenkins Diawi Upload Plugin stores credentials in plain text
Moderate | CVE-2019-10284 was published for org.jenkins-ci.plugins:diawi-upload (Maven) May 13, 2022

Jenkins mabl Plugin stores credentials in plain text
Moderate | CVE-2019-10283 was published for com.mabl.integration.jenkins:mabl-integration (Maven) May 13, 2022

Jenkins DeployHub Plugin stores credentials in plain text
Moderate | CVE-2019-10286 was published for com.openmake:deployhub (Maven) May 13, 2022

ProTip! Advisories are also available from the GraphQL API.